Now go to the config folder of domain dummy ($GLASSFISH/glassfish/domains/dummy/config). There is a file admin-keyfile. Copy this file to the config folder of your original domain, e.g. domain1 ($GLASSFISH/glassfish/domains/domain1/config). Make sure you make a backup of the original admin-keyfile first.

Confirm that you can log in as admin again. If so, you can safely delete the dummy-domain:

Ubuntu 12.04 has the default firewall ufw enabled, but I rather use iptables. And everytime I reboot the system, I run a script to enable the firewall rules again. But I just found out I don’t need to, there’s a tool for that. Of course.

sudo apt-get install iptables-persistent

That asks you to save the current IPv4 and IPv6 rules and creates a service that is started at boot time so it reads the created files.

To have some directories on my server protected by more than a simple username and password, I wanted to use SSL and client certificates. I could easily restrict the directories to my local network IP-addresses, but when I’m “outside” that would present a problem. Hence the solution with client certificates.

As I blogged earlier, I requested a real server certificate from the people at Xolphin. Nice people, low prices, fast service. But…..you cannot create/sign client certificates with such a certificate. You need the real certificate installed on the server, and you need to create a certificate that has been created/signed by you as a fake Certificate Authority. The Fake CA has to be known to Apache and to your browser. Next the client certificate (created/signed by the Fake CA) must be imported into your browser, and of course the directories you want to protect need to be in the SSL-configuration of Apache.

Now that I know how it works, it is simple, but most guides on the internet either follow the Fake CA principle (so you don’t need to buy a real certificate) or they only use a real certificate. Spending money to have your SSL-certificate-supplier do the job for you is another thing. But this works. And for € 10 (excluding VAT) per year I now have a real server certificate, and I can further protect my server with my own certificates.

Pfff….finally. It was something that was long overdue, but I’ve setup my mailserver to allow sending mail after succesfully logging in. Done with SASL of course. Updated all the passwords in my MySQL database with the correct encrypted ones, fiddled around with the SASL-database (it needs to be copied for some reason after modifying it), and now it works. The reason of course was to use the switchbl8.nl domain for sending mail from my mobile phone (which is not on my local network, so by default isn’t allow to relay mail to other domains).

Most important change is also that my passwords are not send plain/unencrypted anymore…

Some people hack into resources of others. My wiki and my forums are almost constantly being hacked into, pages are altered, users are created, spam is left behind, etcetera, etcetera. That’s annoying.

I decided that the forums and the wiki will have to go. I hardly ever use them anyway. This is a message so you know where they went after they’re gone.